Hints on diagnosing a performance issue in an OpenBSD firewall
- by Tom
My OpenBSD 4.6 pf firewall has started having really bad performance in the past few weeks. I've isolated the firewall (as opposed to the WAN connection, switch, cable, etc.) as the problem, but need a hint on how to further diagnose or fix the problem.
The facts:
Normal setup is: DSL Modem - FW Ext. NIC - FW Int. NIC - Switch - Laptop
Normal setup described above gives only 25 Kbps!
Plugging the laptop straight from the DSL modem gives a 1 MBps connection (full speed, as advertised). Therefore, the DSL connection seems to be OK.
Plugging the laptop directly into the firewall's internal NIC (bypassing the switch) also gives only 25 Kbps. Therefore, the switch does not seem to be a problem.
I've replaced the Ethernet cables, but it didn't help.
Here's the weird thing. Reloading the ruleset (/sbin/pfctl -Fa -f /etc/pf.conf) causes the laptop's connection to go up to 1 Mbps (i.e. full speed) for a few minutes before it gradually degrades back down to 25 Kbps again.
Any ideas on what's wrong or how I could further diagnose the problem?